Fortinet Community

redclovertech · ‎06-27-2021

I successfully setup SD-WAN using Comcast (wan1) and an LTE router (wan2) in my lab environment.

How would you go about blocking or slowing certain apps like YouTube or Windows Update for example while you're in a failed over state? I may want to expand this to not allow the Guest VLAN to even use the wan2 connection, and subsequently giving the Voice VLAN priority.

My initial idea was to select the specific interface, but you can only select the 'virtual-wan-link' as an interface in the firewall policy. Do I have to go back to using link monitor so I can I have the individual interfaces back?

Thanks a bunch in advance!

kgeorge · ‎07-10-2023

Hello,

Sorry that this post was unaddressed so far. I believe, this should have taken care by now.

However, like to once address it from our side though.

"How would you go about blocking or slowing certain apps like YouTube or Windows Update for example while you're in a failed over state?"

---> This Mechanism is something that is not possible or not available currently in FortiGate.

And yes, when SDWAN is configured, the Firewall Policy can only be used with SDWAN (Virtual WAN link" option in the Destination interface.

However, there is still a way out for this and that is by using SD-WAN Rules. In SD-WAN rules, you can use specific WAN interface for specific traffic accordingly.

Refer this documentation for more information,

https://docs.fortinet.com/document/fortigate/6.4.13/administration-guide/716691/sd-wan-rules

Regards,

Klint George

Regards,
Klint George

Fortinet Community

Block/Slow Apps while on Fail-Over (SD-WAN)